[
https://issues.apache.org/jira/browse/DIRSERVER-1325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny updated DIRSERVER-1325:
-----------------------------------------
Fix Version/s: 2.0.0-RC1
Let's see if we can fix that for 2.0
> Simple Authentication can not be disabled
> -----------------------------------------
>
> Key: DIRSERVER-1325
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1325
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.4
> Reporter: Andreas Kyrmegalos
> Priority: Minor
> Fix For: 2.0.0-RC1
>
>
> Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While
> fiddling with the settings I noticed this option:
> <simpleMechanismHandler mech-name="SIMPLE"/>
> under the saslMechanismHandlers header. So, I assumed that, based on the
> name, one is to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1
> match) the ldap simple/sasl plain authentication can be deactivated. After
> commenting the above mentioned setting, SASL PLAIN is no longer mentioned in
> "supportedSASLMechanisms" and if one attempts to use it, a
> javax.naming.AuthenticationNotSupportedException is what one gets.
> Unfortunately, if one tries to use SIMPLE as an authentication mechanism, the
> bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009).
> This can be fixed by adding a typical is/set pair for a boolean value, just
> like the case for anonymous access, in
> org.apache.directory.server.core.DirectoryService.java, making a check when
> authenticate() is called in
> org.apache.directory.server.core.SimpleAuthenticator and adding the relevant
> setting to defaultDirectoryService in server.xml. Did this myself, seems to
> work as intended.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
